How technical illiteracy threatened the privacy of hundreds of retired police officers
The names, addresses, and social security numbers of 300 retired police officers and their dependents in Syracuse, New York were mistakenly shared Friday when a city employee sent an email with "an attachment" containing all of that information to another retired officer.
That officer says that he immediately deleted the information from his computer and warned City Hall about the breach. A letter was sent to affected officers and their families, the local news station assured its viewers that the police department won't make the mistake again, and this was labeled a small problem in a city about to enter the throes of March Madness.
This accidental compromise of hundreds of retired police officers' privacy is more than just a small error -- it's a reminder of how dangerous technical illiteracy can be. The information wasn't stolen by some nefarious hacker, it was shared by a city employee who was somehow able to share that much sensitive data by sending a single email attachment.
Even if that information hadn't been shared, Syracuse seems to have taken a lackadaisical approach to digital security: the information was apparently unencrypted even though it featured full names and social security numbers. The police department has since promised to keep just the last four digits of a social security number and to encrypt the data, but judging from its antiquated website, those changes might not be implemented for some time.
In the meantime, technical ignorance will continue to erode digital security and privacy, both in public discourse and in the care-taking of private information.
Consider the recent debacle concerning Twitter's public nature and the journalistic ethics of collecting tweets about sexual assault to be published on a site with hundreds of millions of monthly pageviews. The debate was partly driven by the idea that Twitter users expect some semblance of privacy even though they are communicating in a public medium that anyone can view on a whim. As I concluded my piece about the debate:
It’s becoming easier and easier to find the right needle no matter how large the haystack becomes. Twitter’s search function is getting better and better. Many of the apps used to access the service have their own search utility, which makes it easy to find tweets that even Twitter’s built-in search can’t find. Services like Storyful collect relevant tweets in real-time. The larger Twitter grows the better these tools become, and that’s not changing any time soon.
It’s 2014 — it’s time that everyone knew how these services work and how they can defend their personal information and communications, no matter their subject matter. Or consider instead the revelation that Apple's products had a serious security problem for 18 months because it couldn't properly implement a widely-used security standard. The company obfuscated the extent of the problem by using technical language that few consumers would understand, if they even bothered to look at it in the first place. As I wrote in February:
The revelation demonstrates the ease with which digital security can be undermined — and the extent to which consumers are kept ignorant of significant problems with “secure” tools.
Terms like “privileged network position,” “sessions protected by SSL/TLS,” and “restoring missing validation steps” are gobbledygook to most consumers. Apple might as well have said that its magic portal may have been vulnerable to demonic infiltration, because its doohickey wasn’t properly communicating with the gizmo or the who’s-a-what’s-it. All of these problems were caused or perpetuated by technical ignorance. That's what allowed Apple to patch such a serious vulnerability without significant public backlash. It's what convinced Twitter users that they could share information without having to worry about anyone outside their intended audience seeing it, even though it's a public network. And it's what compromised the privacy of many retired police officers and their families because Syracuse didn't safeguard their data or teach city employees how to properly send emails.
This isn't a small problem in a small city -- it's the latest example where having little regard for how technology works is dangerous not just for the people making or using it, but for many others.
[image via thinkstock]